Tenable discovers security flaw in industrial control software

 Tenable has announced that its research team has discovered a critical vulnerability in Siemens STEP 7 TIA Portal, design and automation software for industrial control systems (ICS).

Renaud Deraison, Tenable
Renaud Deraison, Tenable

The vulnerability, which impacts the same family of devices compromised in the STUXNET attack, could be used as a stepping stone in a tailored attack against critical infrastructure, with the potential for catastrophic damage.

According to Tenable, the flaw [CVE-2019-10915] would allow an unauthenticated, remote attacker to perform any administrative actions on the system, enabling them to add malicious code to adjacent ICS.

With the vulnerability, a bad actor could also exploit the vulnerability to harvest data in order to plan a future, targeted attack. The delicate nature and function of critical infrastructure means

... read more at: https://www.tahawultech.com/industry/technology/tenable-discovers-security-flaw-in-industrial-control-software/

Leave a Reply